1
Detection Strategy for Cryptographic GNSS
Anti-Spoofing
Todd E. Humphreys
Abstract—A strategy is presented for detecting spoofing attacks
against cryptographically-secured Global Navigation Satellite
System (GNSS) signals. The strategy is applicable both to
military Global Positioning System signals and to proposed
security-enhanced civil GNSS signals, whose trustworthiness is
increasingly an issue of national security. The detection strategy
takes the form of a hypothesis test that accounts for the statistical
profile of a replay-type spoofing attack. A performance and
robustness evaluation demonstrates that the detection test is both
powerful and tolerant of some uncertainty in the threat model.
The test is validated by experiments conducted on a spoofing
testbed.
Keywords: Cryptographic anti-spoofing, GNSS security,
GNSS spoofing detection, GNSS authentication.
I. I NTRODUCTION
Spoofing is no longer a concern only for military Global
Positioning System (GPS) users. Spoofing attacks, in which
counterfeit GPS signals are generated for the purpose of
manipulating a target receiver’s reported position and time,
have been demonstrated with low-cost commercial equipment
against a wide variety of civil GPS receivers [1], [2]. The
growing dependence of critical civil infrastructure on GPS—
for transportation, communication, energy distribution, and
banking and finance—makes civil GPS spoofing not only
an economic and safety threat but also a matter of national
security [3]–[5].
Military GPS signals have long been protected against
spoofing by a cryptographic anti-spoofing technique whereby a
binary chipping sequence that is only predictable to authorized
users modulates the GPS carrier [6]. A growing literature
recommends similar techniques be applied to protect civil
GPS signals [7], [8] and other Global Navigation Satellite
System (GNSS) signals [9], [10]. As opposed to anti-spoofing
techniques that depend on accurate inertial measurements [11]
or multiple antennas [12], cryptographic spoofing defenses
are attractive because they can be implemented without additional hardware. Navigation message authentication (NMA),
the insertion of a public-key digital signature into the low-rate
(e.g., 50 Hz) civil navigation message stream, is viewed as a
practical near-term approach to securing civil GNSS signals
[7]–[9], [13], [14].
For cryptographic techniques to be effective against GNSS
spoofing, a proper detection test must be implemented within
each secured receiver. What little has been written on this
subject in the open literature has observed that spoofing can be
Author’s
address:
Department
of
Aerospace
Engineering,
The University of Texas at Austin, Austin TX, 78712, Email:
([email protected]).
detected as a drop in the correlation power over an encrypted
interval [7]. But this simple detection technique is far from
optimal against an attack in which the spoofer attempts to
estimate, manipulate, and replay a cryptographically-secured
GNSS signal in real-time. It is especially ineffective for
NMA-secured signals, which manifest no detectable drop in
the standard correlation power under a replay attack. What
is needed is an open and thorough statistical treatment of
the spoofing detection problem for cryptographically-secured
GNSS signals.
This paper makes three principal contributions. First, it develops a model for sophisticated replay-type spoofing attacks
against security-enhanced GNSS signals. Second, it derives
a unified near-optimal detection strategy for such attacks.
The strategy is applicable to both low-rate cryptographic
techniques such as NMA and high-rate techniques such as
legacy military GPS Y-code encryption. Third, this paper
demonstrates that with a proper detection test NMA is effective
for anti-spoofing. This result, which has not been previously
established in the open literature, is significant given the
immediate need for a practical defense against civil GNSS
spoofing.
II. G ENERALIZED M ODEL FOR S ECURITY-E NHANCED
GNSS S IGNALS
Consider the following model for the digital signal exiting
the radio frequency (RF) front end of a GNSS receiver:
Yk = wk ck cos(2πfIF tk + θk ) + Nk
(1)
Here, at sample index k, wk is a ±1-valued security code with
chip length Tw , ck is a known ±1-valued spreading (ranging)
code with chip length Tc , tk is receiver time, fIF is the
intermediate value of the downmixed carrier frequency, θk is
the beat carrier phase, and Nk is a sequence of independent,
identically distributed zero-mean Gaussian noise samples with
variance σ 2 that model the effects of thermal noise and
interfering signals. The variance σ 2 and the unity signal
amplitude imply a carrier-to-noise ratio
C/N0 =
1
4σ 2 Ts
(2)
where Ts is the sampling interval.
This model considers only a single GNSS signal corresponding to a unique combination of spreading code and
carrier frequency. A single-signal model is appropriate because
although a spoofer may generate counterfeit replicas of an
entire ensemble of GNSS signals, the spoofing detection
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
problem can be treated at the level of individual signals within
the ensemble.
The spoofing detection problem involves two agents: the
spoofer and the receiver it is targeting. The latter is simultaneously attempting to defend itself by detecting the spoofing
attack. Hereafter, these two agents will be referred to as the
spoofer and the defender.
For convenience, both the spoofer and defender will be
assumed to have ideal clocks and to sample incoming signals
simultaneously with sampling interval Ts . Thus, tk will refer
hereafter to true time at sample index k within both the spoofer
and defender. The assumptions of ideal time and simultaneous
sampling simplify the detection analysis without significantly
altering the underlying statistics so long as the spoofer’s front
end bandwidth is at least as wide as the defender’s.
The model in (1) differs from traditional sampled GNSS
signal models (e.g., those presented in [15]) in two ways.
First, the signal and noise have been normalized so that the
modeled signal amplitude is unity. This normalization has no
effect on C/N0 but simplifies the notation of the detection
problem. Second, the security code wk has been substituted
in place of the usual ±1-valued navigation data sequence
dk . In fact, wk subsumes rather than replaces dk : wk is
a generalization of a binary modulating sequence carrying
encryption or authentication codes that may be modulated by
dk or may be embedded within dk .
The security code wk can be classified as high rate or
low rate by comparing its chip interval Tw to the coherent
accumulation interval Ta : 1 ≤ Ta ≤ 20 ms typically applied
in GNSS receivers. For a high-rate code Tw ≪ Ta whereas
for a low-rate code Tw ≈ Ta . The following specific examples
will help clarify the definition of wk .
1) Let (1) model a downmixed version of the GPS L1 or
L2 P(Y) code signal. In this case, the security code
is given by wk = dk W̃k , where dk is the legacy
GPS navigation data and W̃k is the GPS W code,
unpredictable to unauthorized users, which modulates
the P code (represented in this case by ck ) to form the Y
code [16]. The security code in this case can be classified
as high-rate because the chip length Tw is the same as
the chip length of the W code, or approximately 2 µs,
which is much shorter than typical values of Ta .
2) Let (1) model a downmixed version of the modernized
GPS L2 CM code signal. In this case, wk = dk ,
where dk carries civil navigation (CNAV) formatted
navigation data, which, as presently defined, are highly
predictable but could be modified to include periodic
unpredictable authentication messages, as proposed in
[7], [8]. Insertion of periodic unpredictable authentication messages (e.g., digital signatures) into the GPS
CNAV data stream is an example implementation of
NMA. The security code in this case can be classified
as low-rate because the chip length Tw is the same as
the underlying navigation data stream before application
of forward error correction, or Tw = 40 ms, which is
close to typical values of Ta .
Encryption codes such as the GPS W code serve a dual
purpose: they both authenticate and deny unauthorized access
to the signals they encrypt. Authentication codes, on the other
hand, are single-purpose: they assure the user that the signals
they modulate originate with the expected GNSS but they do
not deny signal access. Accordingly, the authentication codes
proposed for civil GNSS in [7]–[9] modulate the underlying
signals only intermittently and would not prevent a receiver
that ignores them from tracking the signals they modulate.
Whether it represents an encryption or authentication code,
the crucial feature of the security code wk in the context of
spoofing detection is that it contains segments of chips that can
be modeled as perfectly random, and therefore unpredictable,
from the point of view of a would-be spoofer.
III. S ECURITY C ODE E STIMATION AND R EPLAY ATTACK
A. Overview
The unpredictability of the security code is an obstacle
for a would-be spoofer. A simple spoofing technique such
as discussed in [1] relies on the known signal structure of
the GPS L1 C/A signal and the near-perfect predictability
of its navigation data stream. However, if a GNSS signal
is security enhanced so that segments of its spreading code
or navigation data are unpredictable, then the spoofer in [1]
cannot perfectly match its counterfeit signals chip-for-chip
to the authentic signals. The same holds true for any other
spoofing technique except for zero-delay meaconing, which is
the recording and instantaneous playback of an entire block
of RF spectrum containing an ensemble of GNSS signals
[3], [8]. Meaconing is, however, a strongly constrained type
of spoofing: the constituent GNSS signals in a meaconer’s
transmitted ensemble cannot be manipulated independently but
instead must all be delayed equivalently. In view of this, a
would-be spoofer has an incentive to seek a more flexible
technique.
A spoofer could, of course, ignore the broadcast security
codes altogether, filling in dummy values for wk , but such a
scheme is easily detected. In an attack against a GNSS signal
modulated by a low-rate security code such as proposed in
[8], [9], the dummy wk values would fail the cryptographic
validation test. Against a high-rate security code, the dummy
wk values would yield zero average power when correlated
with the true wk sequence [7], [9].
A strategy more flexible than meaconing and more effective
than dummy-value-filling is for the spoofer to estimate the
security code wk as best it can in real time for each GNSS
signal it intends to spoof. In this scheme, as the spoofer obtains
an estimate of each successive security chip, it immediately
injects this estimate into a signal replica generator primed
with up-to-date spreading code and carrier replicas. This is
the security code estimation and replay (SCER) attack. The
resulting signal, as it exists within the spoofer before scaling,
up-mixing, and rebroadcast, is modeled as
ŷk = ŵk c(τ̂k ) cos(2πfIF tk + θ̂k )
(3)
where ŵk is the security code estimate, c(τ̂k ) is the known
spreading code evaluated at the code offset estimate τ̂k , θ̂k is
the beat carrier phase estimate, and tk is time, all evaluated
at sample index k.
2
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
For received signals with moderate to high C/N0 , the code
offset and phase estimates τ̂k and θ̂k produced by the spoofer’s
code and carrier tracking loops will be close to the true
quantities. In any case, assuming τ̂k = τk and θ̂k = θk
only favors the spoofer in the detection problem, which is
consistent with a pessimistic defensive model. Accordingly,
let the spoofing signal model be rewritten as
ŷk = ŵk ck cos(2πfIF tk + θk ) = ŵk sk
signal since before the beginning of the spoofing attack [5],
[9]. Therefore, the spoofer’s strategy in the non-zero-latency
SCER attack will be to break this continuity by jamming or
blocking the authentic signals for a interval of time before
initiating the spoofing attack, thus widening the defender’s
timing uncertainty, or “window of acceptance” [7], [8], [17].
The required duration of this signal-denial interval depends
on the desired delay dTs and on the assumed stability of the
defender’s clock (for stationary defenders). As an example,
for the low-cost temperature-compensated crystal oscillators
typical in commercial GNSS equipment, in-the-field stability
is approximately one part in 107 . Thus, to widen the defender’s
time uncertainty beyond one GPS W-code chip length (Tw ≈ 2
µs) would require approximately 20 seconds of jamming or
blockage.
When the total delay is greater than or equal to the security
code chip length (i.e., dTs ≥ Tw ), then analysis of the
non-zero-latency SCER attack becomes similar to analysis of
so-called Z-tracking used in survey- and science-grade GPS
receivers [16].
(4)
where ck and θk are as in (1) and sk , ck cos(2πfIF tk + θk )
has been introduced as an abbreviation.
It will be useful to distinguish SCER attack variations in
terms of latency and w-code estimation strategy.
B. Latency
For a single GNSS signal corresponding to a particular
satellite, the combined SCER-spoofing and authentic received
signals can be modeled as
Yk = αŵk−d sk−d + wk sk + Nk
(5)
The first term on the right hand side of (5) represents the
spoofing signal, with α ≥ 1 being the spoofing signal’s
amplitude advantage factor and ŵk−d being the security code
estimate arriving with a delay of d samples relative to the
authentic security code wk . The second and third terms on
the right-hand side of (5) represent the authentic signal and
receiver noise, as described previously.
The delay d can be modeled as the sum d = p + e of a
processing and transmission delay p and an estimation and
control delay e. The former represents the required signal
processing and propagation time and does not contribute to
better estimates of the security code chips. The latter represents an additional delay imposed by the spoofer to improve
its estimate of the security code chip values and to control
the relative phasing of the spoofing signals so as to impose
spoofer-defined position and timing offsets on the defender.
Consistent with a pessimistic model, in this paper p is
assumed to be zero and the spoofer’s estimate ŵk+d , which
arrives at the defender’s RF front end at time tk+d , is assumed
to enjoy the benefit of all data in the authentic security code
wk up to time tk+d . Clearly, a spoofer with zero processing
and transmission delay is not realistic; nonetheless, the d = e
assumption provides a useful limiting case against which
spoofing detection strategies can be benchmarked.
1) Zero-Latency SCER Attack: In the zero-latency SCER
attack, the spoofer is assumed to rebroadcast a counterfeit
signal that is initially exactly aligned with its authentic signal
counterpart in the defender’s RF front end. Thus, d = 0 in (5)
and the security code estimate ŵk that arrives at time tk is
based on data in wk up to tk .
2) Non-Zero-Latency SCER Attack: In the non-zero-latency
SCER attack, the spoofer is assumed to rebroadcast a counterfeit signal that arrives at the defender’s RF front end with
a delay of d > 0 samples (dTs > 0 seconds) relative to
the authentic signal. Any significant total delay dTs in the
spoofer’s counterfeit signal would be immediately obvious to
a defender that has been continuously tracking the authentic
C. Security Code Estimation
Consider the signal model of (1) from the perspective of a
spoofer attempting to estimate the value of each chip in the
security code wk . Let the variance of the spoofer’s independent
Gaussian noise samples Nk be σs2 . In keeping with a model
that favors the spoofer, assume that the spoofer has perfect
knowledge of the signal structure and can generate a local
replica sk that is perfectly code- and carrier-phase aligned
with the code and carrier product of the received signal. Under
these conditions, which describe ideal coherent detection, the
optimal security code chip estimator structure is a matched
filter [18], [19]. Let Wl ∈ {−1, 1} represent the value of lth
security code chip and let kl represent the index of the first
sample within the lth chip. Then the output of the matched
filter after the first n samples within the lth chip have been
processed is
k +n−1
2 l∑
Zl (n) =
Yk sk
(6)
n
k=kl
for n = 1, 2, ..., ⌊Tw /Ts ⌋. Due to the linearity of the matched
filter operation, Zl (n) is Gaussian distributed with mean
2
E[Zl (n)] = Wl and variance σZ
(n) = 2σs2 /n. The matched
filter output Zl (n) can therefore be modeled as
(
)
2
Zl (n) = Wl + Nl (n), Nl (n) ∼ N 0, σZ
(n)
(7)
In this statistical model, the effect of the double-frequency
term created by the product Yk sk is assumed to be negligible,
which favors the spoofer in the detection problem.
Another way of viewing Zl (n) is as a sufficient statistic
for estimating Wl . In other words, Zl (n) summarizes the
information in {Yk : kl ≤ k < kl + n} that is relevant
to estimating Wl [20]. Given the first n samples in Wl , the
optimal estimate of Wl is a function of Zl (n) that depends on
the chosen optimality criterion. Three well-established criteria
will be considered: maximum likelihood (ML), maximum a
posteriori (MAP), and minimum mean square error (MMSE)
3
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
[21]. Estimates based on these criteria can be related to Zl (n)
as shown in Fig. 1.
tanh
X
Zl (n)
2 kl +n−1
(·)
n k=kl
Yk
sk
(·)
σz2 (n)
sgn(·)
decision about the value of Wl . It will be shown later on that
in many cases the MAP estimate is the spoofer’s best choice
for minimizing the probability of detection.
Note that due to the sgn(·) nonlinearity, the statistics of
ŴlMAP (n) are not Gaussian. ŴlMAP (n) can be modeled as
{
Wl w.p. 1 − pe (n)
MAP
Ŵl
(n) =
(13)
−Wl w.p. pe (n)
√
where pe (n) = 21 erfc ( n/2σs ) is the error probability and
erfc(·) is the complementary error function. From this, one
can obtain the mean and second moment of ŴlMAP (n) as
ŴlMMSE (n)
ŴlMAP (n)
ŴlML (n)
Matched Filter
Fig. 1. Estimator structure for the minimum mean square error (MMSE),
maximum a posteriori (MAP), and maximum likelihood (ML) estimates of the
lth security code chip Wl . All estimates are based on the sufficient statistic
Zl (n).
Wl
Wl
The solution to (16) is the conditional mean E[Wl |Zl (n)],
which can be expressed as
E[Wl |Zl (n)] =P (Wl = 1|Zl (n)) − P (Wl = −1|Zl (n))
=2P (Wl = 1|Zl (n)) − 1
(
)
2
= tanh Zl (n)/σZ
(n)
where use has been made of the constraint
P (Wl = −1|Zl (n)) = 1 − P (Wl = 1|Zl (n))
and the fact that
P (Wl = 1|Zl (n) = z) =
(9)
(10)
Wl
Assuming the security code chip values come from a binary
symmetric source, the a priori distribution p(Wl ) can be
written
p(Wl ) = 12 δ(Wl + 1) + 12 δ(Wl − 1)
(11)
where δ(x) is the Dirac delta function. As opposed to the ML
estimate, the MAP estimate, by way of the prior distribution
p(Wl ), enforces the constraint Wl ∈ {−1, 1}. Given that
p(Wl ) is only nonzero at discrete values of Wl , it is convenient
to express ŴlMAP (n) in terms of a probability mass function:
max
Wl ∈{−1,1}
P (Wl |Zl (n))
1
2
e−2z/σZ (n)
1+
Like the MAP estimator, the MMSE estimator incorporates
the prior constraint Wl ∈ {−1, 1}; however the tanh(·)
nonlinearity allows ŴlMMSE (n) to take on any real value in
the domain (−1, 1). One can show that the MMSE estimate
minimizes the reduction in C/N0 seen by the defender when
dTs = Tw . The proof of this is similar to the proof given in
[16] that the tanh(·) nonlinearity minimizes the squaring loss
in so-called Z-tracking receivers. Hence, one might expect the
MMSE estimate to be the most effective of the three methods
considered for minimizing the probability of detection. However, it will be shown later on that this is not the case for all
values of Tw .
As for ŴlMAP (n), the MMSE estimator’s nonlinearity
causes the statistics of ŴlMMSE (n) to be non-Gaussian, with
mean and second moment given by
= arg max [p (Zl (n)|Wl ) p(Wl )]
ŴlMAP (n) = arg
=1
Ŵl
2) Maximum A Posteriori Estimate of Wl : The MAP estimate ŴlMAP (n) is the value of Wl that maximizes the a
posteriori distribution of Wl conditioned on Zl (n):
ŴlMAP (n) = arg max p (Wl |Zl (n))
(15)
(8)
2
The distribution p (Zl (n)|Wl ) = N (Zl (n); Wl , σZ
(n)) is
ML
maximized by choosing Ŵl (n) = Zl (n), where N (x; µ, σ 2 )
denotes the functional form of a Gaussian distribution with
independent variable x, mean µ, and variance σ 2 . Note that
because the ML estimate operates without any prior constraint
on the value of Wl , ŴlML (n) can take on any real value.
It will be shown later on that the ML estimate’s inability to
incorporate the constraint Wl ∈ {−1, 1} makes it typically
the weakest of the three estimates in terms of minimizing the
probability of detection.
The mean and variance of ŴlML (n) are the same as those
given previously for Zl (n). Also useful for later computations
will be the second moment
2
(n)
E[(ŴlML (n))2 ] = 1 + σZ
(14)
E[(ŴlMAP (n))2 ]
3) Minimum Mean Square Error Estimate of Wl : The
MMSE estimate ŴlMMSE (n) is chosen to minimize the mean
square error conditioned on Zl (n):
[
]
ŴlMMSE (n) = arg min E (Ŵl − Wl )2 |Zl (n)
(16)
1) Maximum Likelihood Estimate of Wl : The ML estimate
ŴlML (n) is the value of Wl that makes Zl (n) appear most
likely; that is, it maximizes the probability distribution of
Zl (n) conditioned on Wl :
ŴlML (n) = arg max p (Zl (n)|Wl )
E[ŴlMAP (n)] = Wl (1 − 2pe (n))
E[ŴlMMSE (n)] =
(
∫ ∞
tanh
−∞
(12)
E[(ŴlMMSE (n))2 ]
(
∫ ∞
2
=
tanh
This rule is equivalent to choosing ŴlMAP (n) = sgn(Zl (n)),
by which one can see that the MAP criterion leads to a “hard”
−∞
4
z
2 (n)
σZ
z
2 (n)
σZ
)
)
(
)
2
N z; Wl , σZ
(n) dz
(17)
(
)
2
N z; Wl , σZ
(n) dz
(18)
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
1) The Amplitude Factor α: For simplicity, the received
signal under H0 is modeled as having unity amplitude. As
a consequence, the authentic received signal power averaged
over the lth security code chip is
It should be noted that, due to the summation in (6),
ŴlMMSE (n) is correlated along the index n. The same holds
true for ŴlML (n) and ŴlMAP (n).
IV. A S INGLE -C HIP D ETECTION S TATISTIC
1
Pa =
M
The SCER-spoofing detection problem is best treated as
a hypothesis test wherein one decides between the null hypothesis H0 (no SCER attack underway) and the alternative
hypothesis H1 (SCER attack underway). A decision between
the two hypotheses is based on samples Yk from the GNSS
RF front end taken over some range of k. To simplify the
analysis, it is convenient to first consider a hypothesis test
involving samples Yk taken over the interval spanned by a
single security code chip. Accordingly, this section develops
a detection statistic Sl corresponding to the lth security code
chip. The next section synthesizes a full detection statistic from
a set of N single-chip statistics.
Ps =
1
2
1
M
kl +M
∑−1
α2 E[Ŵl2 (nlk )]s2k
k=kl
In the computation of Ps , Ŵl (nlk ) is treated as a random
variable whose mean square value E[Ŵl2 (nlk )] will be unity
for the MAP estimator [Eq. (15)] but will deviate from unity
for the ML and MMSE estimators [Eqs. (9) and (18)], with
the greatest deviation at small values of nlk . Thus, without
compensation, the ML or MMSE estimators would result in
the spoofing signal having an implicit power advantage or
disadvantage compared to the authentic signal. For comparison
of different spoofing techniques, it is convenient to explicitly
model the spoofer’s power advantage by defining the factor
η , Ps /Pa . The power advantage is enforced by defining the
amplitude factor α such that α2 , η/PŴl , with
Consider the following hypothesis pair, which models the
samples Yk output by the defender’s RF front end during the
interval spanned by the lth security code chip. The model is
based on the received signal model in (1) and the spoofing
signal model in (4):
PŴl =
(19a)
(19b)
1
M
kl +M
∑−1
E[Ŵl2 (nlk )]
k=kl
By setting η = 1, one can model a SCER attack in which the
spoofing and authentic signals have equivalent power, and by
setting η > 1, one can model a situation in which the received
spoofing signal is more powerful than the received authentic
signal. A later section will analyze the tradeoffs involved, from
the spoofer’s perspective, in setting the value of η.
2) The Automatic Gain Control Factor g: To minimize
distortion losses in the analog-to-digital conversion process,
multibit-quantizing GNSS RF front ends route signals through
an automatic gain controller (AGC) before quantization [15].
The AGC has the effect of maintaining the power level
constant in the output sample train Yk . In the model given
by (19), this constant power level is assumed to be equal to
1/2 + σr2 , which is the power in Yk under the H0 . Thus, the
AGC factor g under H0 is assumed to be unity. Under H1 , the
AGC factor becomes g = (1/2 + σr2 )(η/2 + σr2 )−1 so that the
power in Yk under H1 is also 1/2 + σr2 . Hence, if η > 1, then
g < 1. Inclusion of g in the hypothesis test model is necessary
to properly account for the effect that increasing η has on the
noise sample variance.
3) Remarks: The hypothesis test model in (19) invokes a
significant assumption; namely, that under a spoofing attack
only the counterfeit signal is present. This assumption is valid
in cases where the spoofer blocks or otherwise nulls the
authentic signals before transmitting its counterfeit replicas,
which it can do in any one of the following ways: (1) injecting
the spoofing signal directly into the defender’s RF input,
bypassing the antenna, (2) covering the defender’s antenna
with material that blocks RF energy at GNSS frequencies
Here, k = kl , kl + 1, ..., kl + M − 1, where M is the number
of samples in the lth security code chip (M is approximated
as constant from chip to chip). Under hypothesis H0 , the
received signal is an authentic GNSS signal with security
code chip value Wl and independent noise samples distributed
as Nk ∼ N (0, σr2 ), where σr2 corresponds to (C/N0 )r , the
authentic signal’s C/N0 as seen by the defender, with σr2 related to (C/N0 )r as in (2). Under hypothesis H1 , the received
signal is a spoofer-generated counterfeit signal modulated by
an estimate Ŵl (nlk ) of the lth security code chip. The type of
the estimate, whether ML, MAP, or MMSE, will be specified
as necessary. The index nlk represents the number of samples
that contribute to the spoofer’s estimate of Wl , just as does
the index n in (6); nlk can be expressed in terms of the index
of the first sample within the lth chip, kl , and the spoofer’s
presumed estimation delay d:
nlk = min(k + d − kl + 1, M )
k=kl
Wl2 s2k ≈
Ignoring for now the gain factor g, the average received signal
power over the same interval for the H1 hypothesis is
A. Single-Chip Hypothesis Test
H0 : Yk = Wl sk + Nk ,
[
]
H1 : Yk = g αŴl (nlk )sk + Nk
kl +M
∑−1
(20)
Note that this expression for nlk assumes that the spoofer’s
estimate of Wl is based on at least one sample, since when
k = kl and d = 0, nlk = 1. This assumption is consistent
with the zero-latency SCER attack model introduced previously, which contemplates a spoofer with zero processing and
transmission delay. The min(·) function is required in (20)
because no estimate of Wl can benefit from more than the
total number of samples within the interval spanned by Wl .
The following subsections define the coefficients α and g.
5
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
ŴlMAP (nlk ), then the the H0 distribution of Yl remains
Gaussian but the H1 distribution is non-Gaussian. Nonetheless,
it can be shown that the Gaussian noise samples Nk cause the
H1 distribution of Yl to be approximately Gaussian even for
MMSE and MAP estimation under the following conditions:
(1) the spoofing power factor η remains below about 3, and (2)
the ratio of the defender’s sample noise to the spoofer’s sample
noise σr2 /σs2 is greater than about 0.8. Under these conditions
the variance of the noise samples Nk is large relative to
the variance of the signal term αŴl (nlk )sk , and thus the
statistics of Yk are dominated by the Gaussian statistics of
Nk . If condition (1) above is violated then the spoofer will
be vulnerable to detection by an in-band power test, as will
be discussed further in Section VI; if condition (2) is violated
then the spoofer’s estimate Ŵl (nlk ) will be so inaccurate that
the spoofer will be easily detected even if the detector structure
assumes Yk is Gaussian.
Given the above considerations, Yl can be safely approximated as a Gaussian random vector under both H0 and
H1 and for all security chip estimation strategies. With this
approximation the log of the likelihood function in (21)
reduces to a difference between two quadratic forms. Let the
mean and covariance of Yl under Hj be denoted as µlj and
Klj , j = 0, 1. Then the log likelihood ratio test can be written
and transmitting its counterfeit signals beneath this cover,
(3) transmitting at such a high spoofing power factor (e.g.,
η > 3) that the authentic signal is effectively eliminated by
the automatic gain control in the defender’s RF front end, or
(4) intentionally transmitting a signal that nulls the authentic
signal at the location of the defender’s antenna, as described
in [1].
The assumption is not valid, however, during the initial
stage of an over-the-air, unobstructed, low-power, non-nulling
attack, which may prove to be a common attack mode. In this
case, an admixture of the counterfeit and authentic signals is
received, with the authentic signal weaker than the spoofing
signal but not entirely negligible during the initial stage of
the attack when the signals are approximately code-phase
aligned. At this stage a so-called vestigial signal spoofing
defense such as discussed in [22] is a useful complement
to a cryptographic defense. As the attack proceeds and the
authentic and counterfeit correlation peaks separate, the model
for H1 in (19) becomes valid.
Neglecting the vestige of the authentic signal under H1
favors the defender in the spoofing detection problem, which
is an exception to the pessimistic defensive model generally
adopted in this paper in which simplifying assumptions tend
to favor the spoofer. But adequately modeling the envelope
of interaction between the two signals would complicate the
hypothesis model, and would, in all likelihood, demonstrate
what might be expected: spoofing detection based on security
codes is least powerful when the spoofing and authentic signals
are approximately aligned and are similar in magnitude. Moreover, consideration of the centimeter-level accuracy required
and experience with the spoofing testbed discussed in [23]
suggests that it is difficult to generate spoofing signals that
are carrier-phase aligned with their authentic counterparts from
the perspective of the defender’s RF front end. If the spoofer
fails to achieve this alignment to within 1/6 of a carrier cycle
(about 3 cm at the GPS L1 frequency) then the model in (19)
becomes approximately valid because the in-phase vestige of
the authentic signal is suppressed by more than 3 dB. In any
case, the experimental results in Sec. VIII will demonstrate
that the hypothesis model remains useful despite significant
interaction between the authentic and spoofing signals under
H1 .
−1
S̃l (yl ) , log Λ(yl ) =(yl − µl0 )T Kl0
(yl − µl0 )
−1
−(yl − µl1 )T Kl1
(yl − µl1 ) ≷ γ̃l
H0
which is interpreted as “choose H1 if the detection statistic S̃l (yl ) exceeds the threshold γ̃l ; otherwise choose H0 .”
Here, yl = [ykl , ykl +1 , ..., ykl +M −1 ]T is a realization of the
observation vector Yl containing a particular set of observed
samples. When viewed as a random variable, S̃l (yl ) is written
S̃l (Yl ). Given the probability distribution of S̃l (Yl ) under H0
and under H1 , the threshold γ̃l can be chosen to satisfy a
pre-determined probability of false alarm PF from which a
corresponding probability of detection PD can be calculated. It
should be noted that, for a single-chip hypothesis test, PD will
be unacceptably low; hundreds of chip-level detection statistics
must be combined to increase PD beyond a satisfactory value,
as discussed in the next section.
In the form shown in (22), the single-chip decision problem
is equivalent to the general Gaussian problem treated in [20].
In the general case for which µl0 ̸= µl1 and Kl0 ̸= Kl1 ,
expressions for the H0 and H1 distributions of S̃l (Yl ) are
not easily derived. Special cases of the problem lead to a
simplification of (22). For example, when µl0 = µl1 as is
approximately true when Ŵl (n) = ŴlML (n), then (22) can
be expressed as a single quadratic form. But even in this case
the distributions of S̃l (Yl ) under H0 and H1 are cumbersome
owing to the unequal variances of successive samples under
H1 . This is true even though Kl1 can be diagonalized by an
orthogonal transformation of Yl .
B. An Optimal Single-Chip Statistic
Referring to the model in (19), let Yl
=
[Ykl , Ykl +1 , ..., Ykl +M −1 ]T be a vector of samples taken
over the lth security code chip. The optimum procedure for
deciding between H0 and H1 compares a threshold value
against the so-called likelihood ratio, or the ratio of the
distribution of Yl under H1 to the distribution of Yl under
H0 , written as [19]
Λ(yl ) =
pYl |H1 (yl |H1 )
pYl |H0 (yl |H0 )
(22)
H1
(21)
C. A Sub-Optimal Single-Chip Statistic
If Ŵl (nlk ) = ŴlML (nlk ), then Yl is distributed as a Gaussian
random vector under both the H0 and H1 hypotheses. On
the other hand, if Ŵl (nlk ) = ŴlMMSE (nlk ) or if Ŵl (nlk ) =
To obtain tractable expressions for the detection statistic distributions, consider a simplification of (22). This simplification
6
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
usually necessary to correlate against all M samples within
a security code chip; instead, for computational savings, the
correlation can be limited to a suitable M̄ < M samples.
favors the spoofer by making the detection test sub-optimal;
nonetheless, as will be shown later on, the simplified test will
remain sufficiently powerful for good detection performance.
As mentioned in Section III-C, the MMSE and MAP estimates
of Wl incorporate the constraint Wl ∈ {−1, 1} in their
a priori distributions whereas the ML estimate does not.
Consequently, it can be shown that the MAP and MMSE
estimates tend to yield a lower probability of detection than
the ML estimate under optimal detection conditions, which
suggests that a spoofing defense should focus on the MAP
and MMSE estimates. When these estimation strategies are
assumed, one finds that the sensitivity of the test in (22) is
driven primarily by the difference in the means µl0 − µl1 as
opposed to the difference in the covariance matrices Kl0 −Kl1 .
The latter difference is small because both Kl0 and Kl1 are
dominated by the statistics of the independent noise samples
Nk under the two conditions mentioned above. Given this, it
is reasonable to assume Kl1 ≈ Kl0 = σr2 IM ×M . With this
approximation the detection test in (22) can be rewritten as
0
β(tn)
−0.2
−0.6
−1
0
10
15
D. Details on Calculating Sl
As shown in (24), the statistic Sl is formed by a weighted
correlation of the received signal yk with a code and carrier
replica sk and a local copy of the lth security code chip Wl .
Such calculations assume that the defender can generate sk ,
which implies tight tracking of the incoming spreading code
and carrier phase (conditions of ideal coherent detection), and
that it can generate Wl , which implies either prior knowledge
of the security code or the ability to reconstruct the security
code after some delay.
In private-key spreading code authentication schemes such
as the civil level-3 technique introduced in [7] and military
GPS Y- and M-code security, receivers store secure keys
that allow them to generate Wl as needed. In public-key
authentication schemes with a low-rate security code, such
as NMA [7]–[9], the long security code chip intervals allow
the receiver to obtain a highly accurate estimate of Wl , the
authenticity of which is subsequently verified by a public-key
validation function. If validated, the receiver’s estimated Wl
values are considered true and the corresponding statistics Sl
are generated by operations on buffered data; if invalidated, the
receiver reports a spoofing attack [8]. In public-key authentication schemes with a high-rate security code such as the level-2
technique proposed in [7], the key required to generate unpredictable sequences of Wl is revealed in the navigation message
moments after each unpredictable sequence is received [7], [9].
Thus, after receipt and cryptographic validation of the key, Wl
is reconstructed and the statistic Sl is generated by operations
on buffered data.
H1
(23)
H0
Recognizing that
µl0 = Wl [skl , skl +1 , ..., skl +M −1 ]T
and that
[
µl1 = gα E[Ŵl (nlkl )]skl , E[Ŵl (nl(kl +1) )]skl +1 ,
]T
..., E[Ŵl (nl(kl +M −1) )]skl +M −1
the detection statistic Sl (yl ) can be expressed as the sum
yk β(nlk )Wl sk
tn (µs)
It should be emphasized that Sl is not a particularly sensitive
statistic for detecting a SCER attack when Ŵl (n) = ŴlML (n)
because in this case µl0 ≈ µl1 . Nonetheless, the ML estimates
of Wl are so noisy to begin with that a detector based on Sl
demonstrates good performance against ML SCER attacks, as
will be shown later on. Against the stronger MAP and MMSE
SCER attacks, Sl is near the optimal detection statistic, as it
must be for good performance.
Multiplying by σr2 , canceling terms, rearranging, and absorbing constants into a new threshold γl yields a simplified singlechip detection test:
Sl (yl ) =
5
Fig. 2. Profiles of β(tn ) = β(nTs ) for two different threat models of a
SCER attack, both of which assume η = 1, d = 0, and a spoofer C/N0 = 54
dB-Hz.
1
(yl − µl0 )T (yl − µl0 )
σr2
H1
1
− 2 (yl − µl1 )T (yl − µl1 ) ≷ γ̃l
σr
H0
kl +M
∑−1
β(tn) assuming Ŵl (n) = ŴlMAP(n)
β(tn) assuming Ŵl (n) = ŴlMMSE(n)
−0.8
S̃l (yl ) =
Sl (yl ) = ylT (µl1 − µl0 ) ≷ γl
−0.4
(24)
k=kl
where β(n) = gαE[Ŵl (n)]/Wl − 1, or more properly its
absolute value, plays the role of a weighting function in the
correlation of the received samples yk with Wl and sk . Note
that β(n) depends on η, σs , d, and the assumed security code
chip estimation strategy; thus, it changes according to the
threat model. As can be seen in Fig. 2, for a zero-delay SCER
attack β(n), tends to weight most heavily the samples that
immediately follow a chip transition in the security code sequence. This makes intuitive sense: the spoofing and authentic
signals are most easily distinguished immediately following a
security chip transition when the spoofer’s estimate of Wl is
least certain. As more time elapses the spoofer’s estimate of
Wl improves until the spoofing and authentic signals become
practically indistinguishable. The tapering profile of β(n) also
implies that for low-rate security codes with long Tw it is not
E. Statistics of Sl
Because Yl can be approximated as a Gaussian random
vector under the two conditions discussed in Section IV-B,
7
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
and because the detection statistic Sl is a linear transformation
of Yl , it follows that Sl is approximately Gaussian distributed
under both H0 and H1 . Let the mean and variance of Sl under
Hj be denoted as µSl j and σS2 l j , j = 0, 1. It can be shown
that the following expressions for these quantities are valid for
all threat models:
µSl 0 =
σS2 l 0
1
2
kl +M
∑−1
σ2
= r
2
µSl 1 =
β(nlk )
(25)
V. D ETECTION OF A SCER ATTACK
k=kl
kl +M
∑−1
β 2 (nlk )
A. Full Detection Statistic
(26)
Under any practical SCER attack detection scenario the
probability of detection associated with a single-chip detection
statistic will be unacceptably low. A more powerful detection
statistic can be synthesized from a set of single-chip statistics. Recognizing that the single-chip statistics {Sl : l =
1, 2, ...} are approximately Gaussian distributed and, due to
the independence of Wl and Wk for l ̸= k, independent
from one another, the full detection problem reduces to a
case of the general Gaussian problem treated in [20]. Let
S = [Slm , Slm +1 , ..., Slm +N −1 ]T be a vector of N chip-level
statistics Sl for some start index lm . Assume that over a block
of N chips the spoofer’s security code estimation strategy does
not change and that σr and σs remain approximately constant.
Then the elements of S will be statistically uniform and each
element’s mean and variance under Hj can be denoted simply
as µj = µSl j and σj2 = σS2 l j , j = 0, 1. The detection problem
then reduces to a test of the form
k=kl
gαWl
2
kl +M
∑−1
β(nlk )E[Ŵl (nlk )]
k=kl
σS2 l 1 =g 2 σS2 l 0 − µ2Sl 1
2 2 kl +M
∑−1 jl +M
∑−1
+
thus, q(l, n, m) can be written with only two arguments as
q(n, m) = q(m, n), where the last equality recognizes the
commutativity of n and m. Although in a real-time application
it would not be practical to numerically integrate (30) at all
the values of nlk and nlj required in (28), one could tabulate
q(n, m) for expected values of σs and calculate (28) via table
lookup.
g α
4
k=kl
(27)
(28)
β(nlk )β(nlj )q(l, nlk , nlj )
j=jl
Here, jl , like kl , is the index of the first sample in the lth security code chip. The expressions for E[Ŵl (nlk )] required in (27)
were given in Section III-C for the various security code estimation strategies. The function q(l, n, m) , E[Ŵl (n)Ŵl (m)]
is the correlation between two spoofer-generated estimates
of Wl , one estimate based on n samples and the other on
m samples. If one assumes that Ŵl (n) = ŴlML (n) then
q(l, n, m) is equivalent to
2σs2 min(n, m)
(29)
nm
which lends itself to easy computation. On the other hand, if
one assumes Ŵl (n) = ŴlMAP (n) or Ŵl (n) = ŴlMMSE (n),
then a closed-form expression for q(l, n, m) does not appear obtainable. However, recognizing that ŴlMAP (n) and
ŴlMMSE (n) are simply nonlinear functions of the matched
filter output Zl (n), one can define the bivariate Gaussian
random variable Zl = [Zl (n), Zl (m)]T and express q(l, n, m)
directly in terms of the density pZl (n),Zl (m) (ξn , ξm ) =
N ([ξn , ξm ]T ; Z̄l , P ):
∫ ∞∫ ∞
q(l, n, m) =
f (ξn , ξm )pZl (n),Zl (m) (ξn , ξm )dξn dξm
H1
(s − µ0 )T K0−1 (s − µ0 ) − (s − µ1 )T K1−1 (s − µ1 ) ≷ γ ∗
q(l, n, m) = 1 +
−∞
H0
where µ0 = µ0 1N , µ1 = µ1 1N , K0 = σ02 IN ×N , and K1 =
σ12 IN ×N , with 1N representing the N × 1 vector of ones and
IN ×N representing the N ×N identity matrix. The vector s =
[slm , slm +1 , ..., slm +N −1 ]T is a realization of the observation
vector S containing a particular set of observed single-chip
detection statistics. Taking advantage of the regular structure
of K0 and K1 , the test can be rewritten as
H1
asT s + sT b + c ≷ γ ∗
H0
where
−∞
(30)
If Ŵl (n) = ŴlMAP (n), then f (ξn , ξm ) = sgn(ξn )sgn(ξm ); if
Ŵl (n) = ŴlMMSE (n), then
2
2
f (ξn , ξm ) = tanh(ξn /σZ
(n)) tanh(ξm /σZ
(m)). The mean
l
l
T
of Zl is Z̄l = [Wl , Wl ] and the (i, j)th element of its 2 × 2
covariance matrix is P (i, j) = 2σs2 min(i, j)/ij.
Equation (30) can be numerically integrated to produce
q(l, n, m). In general, Zl (n) and Zl (m) are highly correlated
and the density pZl (n),Zl (m) (ξn , ξm ) is concentrated within
an elongated ellipse rotated approximately 45 degrees from
the horizontal axis in the ξn , ξm plane. A more compact
range of integration and better numerical properties result by
introducing the coordinate transform Ul = R−T Zl where
RT R = P is the Cholesky factorization of P [24]. Also,
as might be expected by reference to the specific case in
(29), q(l, n, m) is insensitive to the value of Wl ∈ {−1, 1};
a=
1
1
− 2,
σ02
σ1
(
b = b1N = 2
1
1
µ1 − 2 µ0
σ12
σ0
)
and c is a scalar constant independent of s. Completing the
square and absorbing constants into a new threshold γ, the test
is further reduced to
H1
L(s̃) = as̃T s̃ ≷ γ
(31)
H0
where s̃ = s+b/2a. The quantity L(s̃) is the full SCER attack
detection statistic, which, when viewed as a random variable,
is written L(S̃). By the form of (31) one can recognize the
distribution of L(S̃) as:
(
)
1
ξ
2
pL|Hj (ξ|Hj ) =
χ
; λj , j = 0, 1
(32)
|a|σj2 N aσj2
8
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
where
Imperfectly matched detection models will be treated in the
next two sections.
)2
N (
∑
µj + b/2a
λj =
, j = 0, 1
σj
i=1
1
χ2N (ξ; λ)
and where
is the functional form of a noncentral
chi-square distribution with N degrees of freedom and noncentrality parameter λ.
PD
0.8
0.6
B. Calculation of γ and PD
High-rate security code
(Tw = 2 µs)
ML
AP
M
SE
M
M
0.4
Given pL|H0 (ξ|H0 ), the threshold γ can be chosen to satisfy
a pre-determined probability of false alarm PF by solving for
γ in
∫ ∞
PF =
pL|H0 (ξ|H0 )dξ
1
MMSE
Low-rate security code
(Tw = 20 ms)
PD
0.9
γ
A corresponding probability of detection PD is calculated as
∫ ∞
PD =
pL|H1 (ξ|H1 )dξ
0.8
ML
MAP
0.7 −8
10
γ
−6
10
−4
10
−2
10
0
10
PF
Care should be taken to properly treat for the case a ≤ 0,
which occurs in rare cases when η is large and σs is small.
In an operational spoofing detection system, PF will be set
to a fixed value (e.g., 10−4 ) and γ will be re-calculated as
necessary under conditions of changing µ0 and σ0 . Likewise,
PD , which varies with µ1 and σ1 , can be re-calculated with
each N -length batch of Sl processed to provide a real-time
measure of the power of each detection test. Reference [8]
discusses the use of PD in a real-time signal authentication
strategy.
Fig. 3. ROCs for the ML, MAP, and MMSE security code estimation strategies under the following scenario: (C/N0 )s = 54 dB-Hz, (C/N0 )r = 48
dB-Hz, η = 1, d = 0, N = 400. Top panel: High-rate security code with
Tw = 2 µs. Bottom panel: Low-rate security code with Tw = 20 ms.
The top panel of Fig. 3 shows ROCs for a zero-latency
SCER attack against a high-rate security code (Tw = 2 µs).
The detection test is based on a set of N = 400 single-chip
observations Sl , which, at Tw = 2 µs, would allow a test to
be run every 800 µs. For all tests the power factor η = 1,
which means that the spoofing signal is matched in power
to the authentic signal and that no security code estimation
strategy has a hidden power advantage over the others. The
need to perform an equal-power comparison among security
code estimation strategies is the reason why the spoofing attack
must be modeled in such a way that η can be set directly.
It is clear from the plots in the top panel that MMSE is
the spoofer’s most potent security code estimation strategy
under this scenario. Even still, and despite the spoofer’s 6-dB
C/N0 advantage, the detection test against MMSE maintains
PD > 0.9 at PF = 10−4 . For greater PD , the number N of
participating Sl can be increased.
The attack scenario for the bottom panel of Fig. 3 is the
same as for the top panel except that a low-rate security
code is assumed, such as would be the case in a system
protected by NMA. Again, the detection test is based on
a set of N = 400 single-chip statistics Sl , which implies
that, at Tw = 20 ms, each test would require an interval
of 8 seconds. In fact, for a practical application of NMA
the interval between tests will be longer than this because,
to preserve backward compatibility, only short segments of
the navigation message can be encrypted [8]. MAP and ML
are the spoofer’s most potent estimation strategies under this
scenario, while the MMSE strategy is the most easily detected.
Focusing on the MMSE and MAP estimation strategies, for
which the detection test is nearly optimal, consider that Fig.
3 reveals two somewhat surprising results. First, there is a
stark difference between the MMSE and the MAP strategies
for the low-rate security code case (lower panel). Second,
C. Detector Performance
The performance of the SCER attack detection test proposed
in the foregoing sections can be evaluated in terms of the
so-called receiver operating characteristic (ROC), which gives
PD as a function of PF [19]. This section presents ROCs
for representative attack scenarios against high-rate and lowrate security codes. Each ROC has been generated on the
basis of the statistical model for Sl given in Section IV-E,
which has been cross-checked against extensive Monte-Carlotype numerical simulations, and on the the statistical model
for L(S̃) given in Section V-A.
In all cases considered in this section the C/N0 of the
authentic signal as tracked by the spoofer, denoted (C/N0 )s
and related to σs by (2), is assumed to be 54 dB-Hz. This
is approximately the strongest C/N0 that can be expected for
terrestrial GNSS reception without resorting to a directional
antenna or special cooling of the antenna amplifier [25]. The
assumed C/N0 of the authentic signal as tracked by the
defender, (C/N0 )r , is 48 dB-Hz. The particular (C/N0 )r and
(C/N0 )s values chosen here, while somewhat arbitrary, are
meant to represent a challenging detection scenario in which
the spoofer is nominally assumed to have a 6 dB signal
strength advantage compared with the defender. Also, in all
cases considered in this section the assumed threat model
has been exactly matched to the actual attack parameters. In
other words, the detection test correctly models the spoofer’s
security code chip estimation strategy, whether ML, MAP, or
MMSE, and correctly models the values of η, σs , σr , and d.
9
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
whereas MMSE is more easily detected than MAP for the
low-rate code, the opposite is true for the high-rate code.
Figure 4 helps explain these results. For the same scenario
parameters that apply to the lower panel of Fig. 3, it shows
20 simulated time histories of security code chip estimates
ŴlMMSE (top panel) and ŴlMAP (bottom panel) over the first
20 µs after the beginning of a unity-valued security code
chip. The nearly vertical lines in the lower panel of Fig. 4
result from transitions between ±1-valued MAP estimates.
Eventually, as more samples are received, all the simulated
MAP estimates settle to unity. The same is true for the MMSE
estimates only in a limiting sense: substantial deviations from
unity are present even after 10 µs. The MAP estimates have
an advantage for low-rate codes (long Tw ) because after a
sufficient time elapses the estimates of Wl become nearly
certain and it becomes optimal in the sense of reducing PD
to enforce the Wl ∈ {−1, 1} a priori constraint. On the other
hand, for high-rate codes such as one having Tw = 2 µs, the
Wl estimates remain so uncertain over the entire length of
the chip that the MMSE strategy, which minimizes the mean
square error, performs better in the sense of reducing PD .
The transition value of Tw at which the MMSE and MAP
strategies are equally potent in terms of reducing PD depends
on the values of (C/N0 )s and (C/N0 )r ; for the parameters
that apply to Fig. 3, the transition occurs at Tw = 4 µs.
the defender, along with the spoofer’s security code estimation strategy, whether ML, MAP, or MMSE. But of course
the defender cannot be expected to know for certain the
spoofer’s estimation strategy or the exact signal parameters.
One approach to dealing with this uncertainty, referred to as
robust detection, is to demonstrate that a detection test which
assumes a particular threat model is still able to maintain
good performance even when the actual threat deviates from
the assumed model, so long as the deviation is confined to a
reasonable neighborhood about the assumed threat model [19].
Adopting this approach, the present section will focus on the
parameters σr , σs , η, and d. Section VII will treat uncertainty
in the spoofer’s security code estimation strategy.
A. Variation and Uncertainty in σr and σs
Consider first the parameters σr and σs [correspondingly,
(C/N0 )s and (C/N0 )r ]. For convenience, let the spoofer’s
C/N0 advantage over the defending receiver be denoted
∆(C/N0 )sr , (C/N0 )s − (C/N0 )r . As ∆(C/N0 )sr increases, a spoofing attack becomes more potent because the
spoofer’s Wl estimates are more accurate and the defender
is less able to distinguish the detection statistic L(s̃) from
noise. In recognition of this, the goal of cryptographic antispoofing should not be to prevent a successful attack at all
cost, but to make one difficult. In this paper’s view, if the
spoofer is forced to employ a specialized high-gain antenna
to carry out a successful attack, then the cryptographic antispoofing system has met its goal. Accordingly, this paper will
assume that σs2 ≥ σr2 /2, which implies ∆(C/N0 )sr ≤ 3
dB. This is consistent with a spoofing model in which the
defender and spoofer are close to one another and both employ
commercially-available antennas with a wide field of view.
The up-to-3-dB advantage recognizes that the spoofer’s active
antenna may have a somewhat better noise figure than the
defender’s or the spoofer may be slightly better positioned for
signal reception, but it is assumed that the spoofer does not
employ a highly directional antenna or special cooling of the
antenna amplifier.
In the absence of spoofing or other interference, the defender can be expected to maintain an estimate of (C/N0 )r
from which σr can be calculated via (2). Preliminarily, assume that an accurate estimate is available and consider
only the effect of variation in (C/N0 )r on PD . Figure
5 shows how worst-case PD varies with (C/N0 )r on the
range 40 ≤ (C/N0 )r ≤ 51 dB-Hz, which spans typical
values of (C/N0 )r , assuming a zero-latency SCER attack and
∆(C/N0 )sr ≤ 3 dB.
The rightmost trace corresponds to a high-rate code with
N = 400 chip-level observations and assumes the MMSE
estimation strategy, which is the spoofer’s most potent in this
case. PD drops precipitously as (C/N0 )r falls below about
46 dB-Hz because the increasing variance of the single-chip
statistics Sl prevents the defender from reliably distinguishing
H0 from H1 . Increasing N from 400 to 1000 (center trace)
maintains PD above 0.9 over the full range of (C/N0 )r
considered. A trace corresponding to a low-rate security code,
which never drops significantly below PD = 1 over the range
1
ŴlMMSE
0.5
0
−0.5
−1
1
ŴlMAP
0.5
0
−0.5
−1
0
2
4
6
8
10
12
14
16
18
20
Time since beginning of security code chip (µs)
Fig. 4. Simulated time histories of security code chip estimates ŴlMMSE (top
panel) and ŴlMAP (bottom panel) over the first 20 µs after the beginning
of a security code chip. Scenario parameters are identical to those for the
bottom panel of Fig. 3. MMSE and MAP chip estimates are based on the
same simulated matched filter output Zl .
One might also wonder how changes in the parameters σr ,
σs , η, and d affect detector performance. The issues of detector
sensitivity to parameter variations and detector robustness to
parameter uncertainty will be treated in the next section.
VI. D ETECTOR ROBUSTNESS
The SCER attack detection test proposed in this paper
assumes that the parameters σr , σs , η, and d are known to
10
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
1
considered, is also shown in the plot along the PD = 1 line.
The low-rate code performs better for equivalent N than the
high-rate code because the former has the advantage that each
Sl is based on a longer correlation with the incoming samples.
It bears remembering, however, that the high-rate code allows
a much shorter time between detection tests.
Reported value
True value
PD
0.98
0.96
0.94
0.92
0.9
40
42
44
46
48
50
52
48
50
52
1
Tw = 20ms
N = 400
Ŵl = ŴlMAP
0.8
0.7
40
1
Tw = 2µs
N = 400
Ŵl = ŴlMMSE
Tw = 2µs
N = 1000
Ŵl = ŴlMMSE
42
0.8
Reported value
PD
PD
0.9
True value
0.6
44
46
48
50
52
0.4
40
(C/N0 )r (dB-Hz)
42
44
46
(C/N0 )r (dB-Hz)
Fig. 5. Worst-case PD as a function of (C/N0 )r assuming ∆(C/N0 )sr ≤ 3
dB, η = 1, and d = 0.
Fig. 6.
Worst-case PD as a function of (C/N0 )r assuming d = 0,
∆(C/N0 )sr ≤ 3 dB, η = 1, and PF = 10−4 . It is further assumed that
the threat model underestimates (C/N0 )r by 2 dB (i.e., (C/N0 )rT M =
(C/N0 )r − 2 dB-Hz). Top panel: Detector-reported and actual PD for a
low-rate security code with Tw = 20ms, MAP, and N = 400. Bottom
panel: Detector-reported and actual PD for a high-rate security code with
Tw = 2 µs, MMSE, and N = 1000.
Now consider uncertainty in σr [correspondingly,
(C/N0 )r ]. For each successive detection test, the defender
will typically employ an estimate of σr obtained during the
previous test period. Due to satellite or vehicle dynamics,
the previously-obtained estimate may be inaccurate by the
time it is applied. It is also possible that the spoofer could
intentionally manipulate the defender’s estimate of σr by, for
example, applying a low level of jamming as a prelude to a
spoofing attack. If the jamming continues at the same level
during the spoofing attack, then there will be no mismatch
between the actual value of σr and the value that the defender
assumes in its detection test, and the degradation in PD will
be as shown in Fig. 5 provided that, despite the jamming,
∆(C/N0 )sr ≤ 3 dB. If instead the spoofer switches off the
low-level jamming just as it begins a spoofing attack, then
the actual σr will be smaller than the value assumed in the
detection test.
Of course, the spoofer cannot apply an arbitrary level of
jamming if it wishes to avoid detection. Reference [23] shows
that, within a spectral band about a GNSS center frequency,
any increase in the total received power beyond 1.5 dB above
the quiescent in-band power has a less than 1 in 3000 chance of
being naturally caused by solar effects during solar maximum.
The likelihood falls to 1 in 8000 when averaged over the full
11-year solar cycle. Other causes of elevated in-band power
such as the daily variation in number and type of overhead
GNSS satellites or an increase in antenna temperature due to
antenna mispointing would lead to an in-band power increase
well below the 1.5 dB level. If one assumes that the power of
the particular GNSS signal under test is small compared to the
total in-band power, then it follows that the spoofer can only
artificially reduce (C/N0 )r by up to 1.5 dB without detection.
Figure 6 considers a scenario in which the threat model’s
value of (C/N0 )r , denoted (C/N0 )rT M , is 2 dB below the
actual value, or 0.5 dB beyond the 1.5-dB limit just mentioned.
As before, ∆(C/N0 )sr ≤ 3 dB and the true value of (C/N0 )r
ranges from 40 to 51 dB-Hz. The threat model correctly assumes that the spoofer has an up-to 3-dB C/N0 advantage [i.e.,
(C/N0 )sT M ≤ (C/N0 )rT M + 3 dB-Hz] but underestimates
(C/N0 )r by 2 dB [i.e., (C/N0 )rT M = (C/N0 )r − 2 dB-Hz].
The mismatch in assumed and actual (C/N0 )r and (C/N0 )s
values leads the detection test to apply a slightly mismatched
weighting sequence β and a threshold γ that is somewhat
higher than the correct value for PF = 10−4 . The result is
that the true value of PD is below the value reported by the
detection test, as shown in Fig. 6. The true value is also below
the PD that would have resulted from a properly matched test
(not shown in the figure). Nonetheless, for the low-rate security
code (top panel) the true PD is maintained above 0.9 over the
range considered, and for the high-rate code (bottom panel),
the number of observations N can be increased to 2000 to keep
the true PD above 0.9. Therefore, the SCER attack detector
can maintain good performance despite a fairly substantial
underestimate of (C/N0 )r .
Now consider overestimation of (C/N0 )r . Suppose that
(C/N0 )r ≤ (C/N0 )rT M ≤ (C/N0 )r + 2 dB-Hz. In this case
(not shown) true PD remains high but PF rises from 10−4 to
a maximum of 0.35 over the usual range 40 ≤ (C/N0 )r ≤ 51
dB-Hz for both low-rate and high-rate codes when other
scenario parameters are held as in Fig. 6. Clearly, a significant
overestimate of (C/N0 )r would cause the detector to issue
false alarms at an unacceptable rate. Fortunately, the spoofer
cannot induce the defender to overestimate (C/N0 )r . Moreover, for static receivers the detector’s estimate of (C/N0 )r
will be quite accurate. However, for a receiver mounted on a
dynamic platform navigating through a cluttered environment,
periodic overestimation of (C/N0 )r , and consequent elevation
of PF , appears unavoidable.
B. Variation and Uncertainty in η
The spoofer’s choice of η will be unknown to the defender
but can be bounded. Reference [23] shows that for reliable
11
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
spoofing η must exceed unity. At the other extreme, to avoid
detection by an in-band power test with a threshold of 1.5
dB, as discussed above, η must be less than about 3 [23].
Figure 7 shows the effect on PD of varying η within the range
1 ≤ η ≤ 5 for high- and low-rate codes in a typical scenario.
As usual, it is assumed that ∆(C/N0 )sr ≤ 3 dB. Traces in the
figure correspond to (C/N0 )r = 40 or 51 dB-Hz, the extreme
values of the usual range considered for (C/N0 )r .
It is clear from the two traces marked ηT M = η that even
when the threat model value of η, denoted ηT M , is matched
to the true value, changes in η affect PD . In the low-rate case
(top panel), one can see that for (C/N0 )r = 40 dB-Hz, PD
takes on a minimum value of 0.9 at η = 3.2. This is the
worst degradation of the low-rate PD that non-unity η causes
over the range 40 ≤ (C/N0 )r ≤ 51 dB-Hz. For the high-rate
case (bottom panel), PD obtains its minimum out beyond the
largest value of η considered in the plot. The traces marked
ηT M = 1.2 show that even if the defender fixes ηT M at a
constant value of 1.2, the penalty paid relative to the matched
ηT M = η case is small for 1 ≤ η ≤ 3 at both the low and the
high ends of the (C/N0 )r range considered. In other words,
if ηT M = 1.2, then the detector is fairly robust to uncertainty
in η so long as η satisfies 1 ≤ η ≤ 3.
equates the width of the window of acceptance to the threshold
γT of a timing offset hypothesis test. Thus, if dTs > γT , an
alarm will be triggered in the defender.
Figure 8 shows how PD varies with dTs for typical low- and
high-rate scenarios when the threat model value of d, dT M ,
is matched to the true value. As one might expect, PD drops
with increasing dTs ≤ Tw because the spoofer’s security code
chip estimate accuracy improves with the longer minimum
integration time. Note that PD remains constant for dTs ≥
Tw , as evident in the high-rate plot, because the spoofer’s
security code chip estimates derive no additional benefit from
delays exceeding Tw . Also note from Fig. 8 that the spoofer’s
most potent estimation strategy (MMSE for high-rate codes
and MAP for low-rate codes) is more detectable for low-rate
codes than for high-rate codes out to approximately dTs =
7 µs. This agrees with the results shown in Fig. 3. In general,
for a fixed number of security code chips N and small dTs ,
spoofing detection is more powerful when dealing with lowrate codes than with high-rate codes because, while both the
spoofer and the defender benefit from longer code chips, the
defender benefits more.
To deal with uncertainty in dTs , one can set dT M Ts =
min(γT , Tw ), pessimistically assuming that the spoofer takes
full advantage of the defender’s timing uncertainty. If it is
actually the case that dTs = dT M Ts = γT , then PD varies
with dTs as shown in Fig. 8. If instead dTs < dT M Ts , then
the true value of PD in this mismatched case is no worse than
the value of PD shown in Fig. 8.
1
PD
0.95
ηT M = 1.2
(C/N0)r = 51 dB-Hz
0.9
0.85
0.8
1
ηT M = η
(C/N0 )r = 40 dB-Hz
ηT M = 1.2
(C/N0)r = 40 dB-Hz
1.5
2
2.5
3
3.5
4
4.5
1
PD
0.8
1
ηT M = 1.2, (C/N0)r = 51 dB-Hz
PD
0.9
0.7
0.6
ηT M = η
(C/N0 )r = 40 dB-Hz
0.8
0.7
0.6
1
Tw = 20 ms
Ŵl = ŴlMAP
Tw = 2 µs
Ŵl = ŴlMMSE
0.9
5
0.5
0
2
2.5
3
3.5
2
3
4
5
6
7
8
dTs (µs)
ηT M = 1.2
(C/N0 )r = 40 dB-Hz
1.5
1
4
4.5
Fig. 8.
Worst-case PD as a function of dTs assuming dT M = d,
(C/N0 )r = 46 dB-Hz, ∆(C/N0 )sr ≤ 3 dB, N = 400, η = 1, and
PF = 10−4 .
5
η
Fig. 7.
Worst-case true PD as a function of η assuming d = 0,
∆(C/N0 )sr ≤ 3 dB, N = 400, and PF = 10−4 . Top panel: Low-rate
security code with Tw = 20ms and Ŵl = ŴlMAP . Bottom panel: High-rate
security code with Tw = 20 µs and Ŵl = ŴlMMSE .
D. Discussion
The scenarios considered here highlight two advantages that
high-rate security codes have over low-rate codes: (1) for the
same number N of single-chip observations Sl , a high-rate
code is able to perform a detection test within a much shorter
time interval (e.g., 800 µs vs. 8 seconds for N = 400 and
Tw = 2 µs vs. Tw = 20 ms), and (2) the benefit of the delay
dTs to the spoofer’s security code estimates cannot exceed
Tw ; hence, a high rate security code strictly limits the extent
to which PD can be degraded by extending dTs .
Nonetheless, low-rate security codes are useful for SCER
attack detection. Reference [8] offers a practical low-rate
security code implementation wherein batches of N = 476
unpredictable security code chips are periodically inserted
into the navigation data stream—an instance of NMA. Figure
It is worth emphasizing that the bound η ≤ 3 and the
1.5-dB bound on the spoofer’s ability to artificially reduce
(C/N0 )r are only valid if the receiver’s total in-band power
is continuously monitored. This is the reason why the comprehensive signal authentication scheme advanced in [8] includes
a jamming-to-noise meter on the RF front end.
C. Variation and Uncertainty in d
As with η, the spoofer’s choice of delay d will be unknown
to the defender but can be bounded. To prevent detection, the
spoofer must maintain dTs below the defender’s timing uncertainty, or “window of acceptance” [7], [8], [17]. Reference [8]
12
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
TABLE I
S CENARIO : Tw = 2 µS , dTs = 0.2 µS , N = 400, η = 1, (C/N0 )r = 47
D B-H Z , (C/N0 )s = 53 D B-H Z , PF = 10−4
5 shows that with even fewer security code chips (N =
400), the low-rate code maintains PD near 1 across the full
range of (C/N0 )r in a zero-delay SCER attack, and Fig. 6
shows that the low-rate code is fairly robust in cases where
(C/N0 )rT M < (C/N0 )r . Moreover, Fig. 8 makes it clear that,
for the typical scenario considered, the low-rate security code
maintains PD above 0.9 out to a delay dTs = 5 µs. Thus, one
can claim that a low-rate strategy such as NMA is not only
useful for message authentication, but also for authentication
of the underlying signal in the sense that it is a powerful
defense against a zero-delay SCER attack and remains strong
against a non-zero-delay SCER attack for dTs up to several
µs. This result has not been previously established in the open
literature.
Spoofer
Defender
MAP
ML
MMSE
MAP
ML
MMSE
0.85
0.83
0.82
0.79
0.82
0.68
0.72
0.64
0.74
anticipate the spoofer’s strategy. For example, if the spoofer
chooses MMSE and the defender chooses ML, then, because
the detection test is not properly matched to the threat, PD
drops to 0.64.
Assume for the moment that the defender and spoofer
choose only one strategy at a time. Then standard reasoning
from game theory applies to such spoofer-defender games.
Define the defender’s security level for a particular strategy
as the smallest PD for that strategy choice. For example,
the security level for the defender’s MAP strategy is 0.72.
Likewise, from the spoofer’s point of view a security level
for a particular strategy can be defined as the maximum of
all negative PD values for that strategy, so that the spoofer’s
security level for MMSE is -0.64.
A reasonable approach to the game in Table I would be for
each player to choose the strategy that maximizes the player’s
overall security level. Accordingly, the defender would choose
MAP and the spoofer would choose MMSE. This strategy pair,
written (MAP, MMSE), is said to be in equilibrium if it would
not profit either player to unilaterally depart from it. One can
see that (MAP, MMSE) is not, in fact, in equilibrium because,
holding fixed the spoofer’s choice of MMSE, the defender
would do better by choosing MMSE.
An important result from game theory is that every twoperson zero-sum game has an equilibrium point when randomized strategies are permitted; that is, when each player assigns
a probability to each pure strategy and chooses according to
this probability [26]. This result also applies in the context of
a spoofing attack, although, for practical reasons, the spoofer
and defender will probably adopt only pure strategies.
Some games in the present context do result in equilibrium
even when the players are restricted to pure strategies. Consider the game in Table II, which corresponds to a low-rate
security code in a challenging detection scenario.
VII. A G AME -T HEORETIC A PPROACH TO U NCERTAINTY
IN THE S ECURITY C ODE E STIMATION S TRATEGY
Each of the security code estimation strategies introduced
in Section III-C is optimal for the criterion from which it
is derived, whether ML, MAP, or MMSE. One might further
conjecture that, for a given spoofing scenario, no other security
code estimation strategy than one of these three would yield a
smaller PD in an optimal detection test or in the sub-optimal
detection test proposed in this paper. Proof of this conjecture
does not appear straightforward; however, it seems intuitively
plausible and this paper will assume it to be true. A spoofer
aiming to minimize PD can therefore be expected to choose
from among these three estimation criteria. Even still, from
the defender’s perspective, the spoofer’s particular choice is
uncertain. A sensible approach to dealing with this uncertainty
would be for the receiver to apply three detection tests at
each test interval, one tailored to each of the ML, MAP, and
MMSE strategies. However, this “check all cases” approach
is more computationally burdensome than performing a single
test and is not always consistent with the Neyman-Pearson
design criterion, which is to choose the decision rule that
maximizes PD for a fixed PF [19]. A better approach is to
treat estimation strategy uncertainty within the framework of
game theory.
A. SCER Attack and Defense as a Two-Player Zero-Sum Game
A SCER attack and defense can be thought of as a twoplayer zero-sum (strictly competitive) game [26] in which
the players—the spoofer and defender—choose from among
the set {MAP, ML, MMSE} of pure strategies. The entries
of the payoff matrix are the corresponding true values of
PD for the detection test proposed in this paper. As an
example, consider the game in Table I, which corresponds
to the scenario indicated in the caption. From this table, one
can see that if the spoofer chooses the MAP security code
estimation strategy and the defender implements a detection
test that assumes MAP estimates, then PD = 0.85. Among
all matched strategies (spoofer and defender both choose the
same strategy), MMSE is most effective for the spoofer in this
scenario because it minimizes PD along the upper left to lower
right diagonal elements of the table. But the spoofer can do
even better in terms of minimizing PD if the defender fails to
TABLE II
S CENARIO : Tw = 20 MS , dTs = 2 µS , N = 400, η = 1, (C/N0 )r = 50
D B-H Z , (C/N0 )s = 53 D B-H Z , PF = 10−4
Spoofer
Defender
MAP
ML
MMSE
MAP
ML
MMSE
0.91
0.01
0.89
0.80
0.99
0.31
0.99
0.02
0.99
In this case, the strategy pair (MAP, MAP) is in equilibrium.
Note also how poorly matched the ML detection test is against
either the MAP or MMSE strategies. This is a common
characteristic of low-rate codes.
13
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
B. Observations
post-processing defender ingested this combined data stream,
tracked the signals present, and produced samples equivalent
to the product yk sk Wl in (24). These samples were weighted
by an appropriate β(n) to generate a sequence of chip-level
statistics Sl . Batches of 400 Sl were combined as in (31) to
generate a full detection statistic L every 8 seconds during the
course of the experiment.
Many games such as those in Tables I and II were analyzed
for various spoofing scenarios. Observations resulting from
this study can be summarized as follows.
1) Detection performance depends on what security code
estimation strategy the spoofer chooses and what strategy the defender assumes. Two-person zero-sum game
theory offers a framework for performance analysis in
this context.
2) Not all spoofer-defender games result in equilibrium.
3) The ML detection test is poorly matched against either
the MAP or MMSE strategies for low-rate codes.
4) It may be profitable for the defender to implement
separate parallel detection tests tailored to each of the
spoofer’s possible strategies, but this is not always the
case. For equivalent PF , performing multiple detection
tests can be worse for the defender than performing a
single security-level-maximizing test.
5) It is both practical and rational in the current context for
the spoofer to select a single strategy that will maximize
its security level and for the defender to choose one or
more detection tests depending on whether a single test
or multiple tests maximizes the guaranteed minimum
PD . As a general rule, these goals lead the spoofer to
choose MMSE for high-rate security codes and MAP
for low-rate codes except when ∆(C/N0 )sr is large, in
which case it chooses ML for high-rate codes. For its
part, the defender chooses MAP if limiting itself to a
single strategy.
Authentic signal only
pL|H0 (ξ|H0 )
pL|H1 (ξ|H1)
Histogram of
experimental L
Initial aligned attack
After carry−off
250
300
350
400
450
500
550
ξ
Fig. 9. Histograms of experimentally-generated detection statistics L (bar
plots) compared with the detection threshold (thick vertical line) and the
theoretical distributions pL|Hj (ξ|Hj ), j = 0, 1 at various stages of a zerodelay SCER attack.
VIII. E XPERIMENTAL R ESULTS
Figure 9 presents histograms of the experimentallygenerated L for a particular GPS signal during three stages
of the SCER attack. The top panel shows the attack prelude
during which only the authentic signal was present. At this
stage, the histogram of L values exhibits good correspondence
with the theoretical null-hypothesis probability distribution
pL|H0 (ξ|H0 ), which is based on the value (C/N0 )r = 41 dBHz that was measured by the defender. The alternative hypothesis distribution pL|H1 (ξ|H1 ) corresponds to (C/N0 )s = 46
dB-Hz, which was the spoofer’s carrier to noise ratio for
the same GPS signal during the attack. Thus, in this attack the spoofer’s C/N0 advantage over the defender was
∆(C/N0 )sr = 5 dB. The value of (C/N0 )s = 46 dB-Hz
in this experiment reflects the authentic signal’s native C/N0
in the original recorded data. The value of (C/N0 )r = 41 dBHz reflects the authentic signal’s C/N0 value in the composite
spoofing and authentic signal stream that was fed to the
defender.
The center panel shows the situation during the initial stage
of the attack when the authentic and spoofing signals were
aligned to within a small fraction of the ∼ 1-µs spreading
code chip interval. The counterfeit signal in this test was
only slightly stronger (0.7 dB) than the authentic signal; as
a result, there was strong interaction between the authentic
and spoofing signals in the defender’s complex-valued prompt
correlator. The presence of code-phase-aligned and nearly
An experimental testbed has been developed to evaluate
the detection strategy proposed in this paper and other GNSS
anti-spoofing techniques. The testbed consists of an advanced
version of the real-time GPS L1 C/A spoofer originally
presented in [1], a real-time software-defined GNSS receiver
that plays the role of defender, and post-processing versions of
both the spoofer and defender. This section presents a sample
of test results; [23] gives a fuller description of the testbed
and a more complete presentation of the experimental results.
For the results presented here, the testbed’s post-processing
spoofer was configured to mount a zero-delay SCER attack
against the post-processing defender. The real-time spoofer
and defender were not used because the latest version of
the real-time spoofer at the time these experiments were
conducted had a 2-ms processing delay, which prevents it
from carrying out a true zero-latency attack. The attack was
carried out as follows. The post-processing spoofer ingested
authentic recorded GPS L1 C/A data and, treating the 20-ms
navigation data bits as if they were unpredictable security code
chips, generated current MAP estimates of each data bit as
described in Section III-C. The spoofer then modulated each of
8 constituent spoofing signals in its output ensemble with the
corresponding current navigation data bit estimates. The output
data were subsequently combined at the sample level with the
original authentic data to produce a data stream representing
the composite spoofing and authentic signal ensembles. The
14
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
equal-amplitude authentic and spoofing signals violates the
either/or assumption of the hypothesis test model in (19).
Despite this, the detection statistic exceeds the threshold more
than half the time. However, instead of clustering within
pL|H1 (ξ|H1 ), the histogram spreads out. The spreading is
driven by slow changes in the relative carrier phase of the
authentic and spoofing signals.
After the spoofer has successfully carried off the defender’s
tracking points and the authentic and spoofed correlation peaks
are separated by more than two spreading code chips, the
model in in (19) again becomes valid. The bottom panel of
Fig. 9 shows that at this stage the detection statistic clearly
clusters beyond the detection threshold and roughly within
the pL|H1 (ξ|H1 ) distribution. It should be noted that in the
experiment the post-carry-off C/N0 value measured by the
defender did not change significantly relative to the measured
C/N0 prior to the attack. Thus, a naive spoofing detection
strategy that triggers on changes in C/N0 , or, equivalently, in
the standard correlation power, would fail to detect this attack.
The results shown in Fig. 9 are representative of results from
many similar experiments at various values of (C/N0 )r and
(C/N0 )s that were conducted and which generally proved the
utility of this paper’s detection strategy [23]. The experiments
also highlighted the variety of possible signal interactions
during the initial stages of a spoofing attack, and underscored
the sensitivity—previously discussed in Sec. VI-A—of the
actual false alarm rate to overestimating (C/N0 )r .
R EFERENCES
[1] T. E. Humphreys, B. M. Ledvina, M. L. Psiaki, B. W. O’Hanlon,
and P. M. Kintner, Jr., “Assessing the spoofing threat: development
of a portable GPS civilian spoofer,” in Proceedings of the ION GNSS
Meeting. Savannah, GA: Institute of Navigation, 2008.
[2] D. Shepard and T. E. Humphreys, “Characterization of receiver response
to a spoofing attack,” in Proceedings of the ION GNSS Meeting.
Portland, Oregon: Institute of Navigation, 2011.
[3] Anon., “Vulnerability assessment of the transportation infrastructure
relying on the Global Positioning System,” John A. Volpe National
Transportation Systems Center, Tech. Rep., 2001.
[4] ——, “Global positioning system impact to critical civil infrastructure
(GICCI),” Mission Assurance Division, Naval Surface Warfare Center,
Tech. Rep., 2009.
[5] U. Kroener and F. Dimc, “Hardening of civilian GNSS trackers,” in
Proceedings of the 3rd GNSS Vulnerabilities and Solutions Conference.
Krk Island, Croatia: Royal Institute of Navigation, Sept. 2010.
[6] J. J. Spilker, Jr, Global Positioning System: Theory and Applications.
Washington, D.C.: American Institute of Aeronautics and Astronautics,
1996, ch. 3: GPS Signal Structure and Theoretical Performance, pp.
57–119.
[7] L. Scott, “Anti-spoofing and authenticated signal architectures for civil
navigation systems,” in Proceedings of the ION GNSS Meeting. Portland, Oregon: Institute of Navigation, 2003, pp. 1542–1552.
[8] K. Wesson, M. Rothlisberger, and T. E. Humphreys, “Practical cryptographic civil GPS signal authentication,” NAVIGATION, Journal of
the Institute of Navigation, 2011, submitted for review; available at
http://radionavlab.ae.utexas.edu/nma.
[9] G. Hein, F. Kneissl, J.-A. Avila-Rodriguez, and S. Wallner, “Authenticating GNSS: Proofs against spoofs, Part 2,” Inside GNSS, pp. 71–78,
September/October 2007.
[10] O. Pozzobon, L. Canzian, M. Danieletto, and A. Chiara, “Anti-spoofing
and open GNSS signal authentication with signal authentication sequences,” in Satellite Navigation Technologies and European Workshop
on GNSS Signals and Signal Processing (NAVITEC), 2010 5th ESA
Workshop on, Dec. 2010, pp. 1 –6.
[11] N. White, P. Maybeck, and S. DeVilbiss, “Detection of interference/jamming and spoofing in a DGPS-aided inertial system,” Aerospace
and Electronic Systems, IEEE Transactions on, vol. 34, no. 4, pp. 1208–
1217, 1998.
[12] P. Y. Montgomery, T. E. Humphreys, and B. M. Ledvina, “A multiantenna defense: Receiver-autonomous GPS spoofing detection,” Inside
GNSS, vol. 4, no. 2, pp. 40–46, April 2009.
[13] S. C. Lo and P. K. Enge, “Authenticating aviation augmentation system
broadcasts,” in Proceedings of the IEEE/ION PLANS Meeting. Palm
Springs, California: Institute of Navigation, 2010, pp. 708–717.
[14] K. Wesson, D. Shepard, and T. Humphreys, “Straight talk on antispoofing: Securing the future of PNT,” Inside GNSS, Jan. 2012.
[15] A. J. Van Dierendonck, Global Positioning System: Theory and Applications. Washington, D.C.: American Institute of Aeronautics and
Astronautics, 1996, ch. 8: GPS Receivers, pp. 329–407.
[16] K. T. Woo, “Optimum semi-codeless carrier phase tracking of L2,”
NAVIGATION, Journal of the Institute of Navigation, vol. 47, no. 2,
pp. 82 – 99, 2000.
[17] O. Pozzobon, C. Wullems, and M. Detratti, “Security considerations in
the design of tamper resistant GNSS receivers,” in Satellite Navigation
Technologies and European Workshop on GNSS Signals and Signal
Processing (NAVITEC), 2010 5th ESA Workshop on, dec. 2010, pp. 1
–5.
[18] M. K. Simon and M. Alouini, Digital Communications over Fading
Channels. New York: Wiley, 2000.
[19] H. V. Poor, An Introduction to Signal Detection and Estimation, 2nd
Edition. Springer, 1994.
[20] H. L. V. Trees, Detection, Estimation, and Modulation Theory. Wiley,
2001.
[21] Y. Bar-Shalom, X. R. Li, and T. Kirubarajan, Estimation with Applications to Tracking and Navigation. New York: John Wiley and Sons,
2001.
[22] K. Wesson, D. Shepard, J. Bhatti, and T. E. Humphreys, “An evaluation of the vestigial signal defense for civil GPS anti-spoofing,” in
Proceedings of the ION GNSS Meeting. Portland, Oregon: Institute of
Navigation, 2011.
[23] T. E. Humphreys, D. Shepard, and J. Bhatti, “A testbed for developing
and evaluating GNSS signal authentication techniques,” 2011, in preparation; available at http://radionavlab.ae.utexas.edu/testbed.
IX. C ONCLUSIONS
A detection test has been developed for security code estimation and replay spoofing attacks against cryptographicallysecured GNSS signals. The test is based on a model that
captures the essential features of a replay-type spoofing attack.
The test is nearly optimal for the spoofer’s most potent security
code estimation strategies and applies generally to low-rate
security codes such as navigation message authentication
and high-rate codes such as legacy GPS military encryption.
A performance and robustness evaluation indicates that the
detection test is able to maintain a high probability of false
alarm despite some uncertainty in the spoofer’s attack strategy
and despite the spoofer’s having a considerable carrier-to-noise
ratio advantage, power advantage, and delay-improved security
code estimates. Experimental tests on a spoofing testbed have
validated the detector’s statistical models in cases where only
the authentic signal or a spoofing signal is present, and have
shown that when both signals are present simultaneously
the detector has a degraded but still useful sensitivity. Of
immediate consequence, the results of this paper indicate
that simple navigation message authentication would be an
effective protection for civil GNSS signals against spoofing.
ACKNOWLEDGMENTS
The author thanks Dr. Mark Psiaki and Dr. Todd Moon for
informative discussions on detection theory, and Kyle Wesson
for fruitful conversations on comprehensive anti-spoofing.
15
Preprint of article in IEEE Transactions on Aerospace and Electronics Systems.
[24] T. K. Moon and W. C. Stirling, Mathematical Methods and Algorithms
for Signal Processing. New Jersey: Prentice Hall, 2000.
[25] O. Montenbruck, A. Hauschild, and U. Hessels, “Characterization of
GPS/GIOVE sensor stations in the CONGO network,” GPS Solutions,
vol. 14, no. 3, pp. 193–205, 2011.
[26] R. D. Luce and H. Raiffa, Games and Decisions: Introduction and
Critical Survey. Dover, 1989.
16